It was discovered that the Java GSS implementation in OpenJDK in somesituations did not properly apply subject credentials. An attackercould possibly use this to expose sensitive information or gainaccess to unauthorized resources.